The customer has five Internet lines, use five default routing to realize dynamic load balancing; Because the original firewall performance problem, unable to support more users to use, so plan to use our USG5320 to replace. According to the original device configuration information, make the USG5320 configuration, appear the following two problems:
1, multiply Internet lines of the same security domain can't make multiple PAT configuration;
2, after change USG5320, find only three of the original five Internet lines have flow now.
Create multiple security domain respectively, each security domain correspond a Internet line, respectively make NAT configuration.
Due to the problem of product, communicate with the user, some Internet users through the PBR, choose the other two default routing do not ingest the routing table to realize access Internet.
Because the NAT configuration of other manufacturer device is in the interface, do not exist the problem that there are several lines under the same interface; so can achieve the multiply lines NAT translation configuration in the same security domain.
1, check USG5320 configuration, NAT, five default routing configuration, the packet filtering configuration, and all right. Can ping pass the peer end IP address;
2, check the routing table and only find 3 default routing can be used in the routing table, the other two default routing do not add to routing table;
3, through delete a routing table has added the default routing, find that USG automatically add another default route to routing table, the usable default routing number is still 3, make sure USG5300 only support three default routing.
When this problem happened, suggest guide customers to use PBR, dive the important user data into a better quality line, to realize the important user special use the line, guarantee the important user bandwidth; the not important user use other line to realize load balancing and share Internet bandwidth.